[3.4] libbsd: Heap buffer overflow in fgetwln function (CVE-2016-2090)
libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if statement checks whether it is necessary to reallocate
memory in the target buffer. However, this check is off by one, so an
out-of-bounds write happens.
Fixed In Version:
libbsd 0.8.2
References:
http://seclists.org/oss-sec/2016/q1/234
https://bugs.freedesktop.org/show_bug.cgi?id=93881
Patch:
http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
(from redmine: issue id 6093, created on 2016-08-28, closed on 2016-09-28)
- Relations:
- parent #6092 (closed)
- Changesets:
- Revision 211bdc38 by Natanael Copa on 2016-09-15T14:20:57Z:
main/libbsd: security upgrade to 0.8.2 (CVE-2016-2090)
fixes #6093
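
Added example (not libbsd's source and not part of the original issue): a small model of a growable wide-character line buffer, showing how an off-by-one capacity check of the kind described above lets the write index reach the end of the allocation, next to the corrected comparison. The function name, the strict flag and INIT_LEN are assumptions made for illustration; the out-of-bounds write is detected and reported, never performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#define INIT_LEN 4  /* constructed: tiny initial capacity so the boundary is hit fast */

/* Copy up to n wide chars of one line from src into a growable heap buffer.
 * strict == 0: grow only when used >  cap  (off-by-one check)
 * strict == 1: grow when      used >= cap  (corrected check)
 * Returns the index of the first write that would fall outside the
 * allocation, or -1 if every write stayed in bounds. */
long first_oob_write(const wchar_t *src, size_t n, int strict)
{
    wchar_t *buf = NULL;
    size_t cap = 0, used = 0;
    long oob = -1;

    for (size_t i = 0; i < n; i++) {
        int full = strict ? (used >= cap) : (used > cap);
        if (cap == 0 || full) {
            size_t ncap = cap ? cap * 2 : INIT_LEN;
            wchar_t *p = realloc(buf, ncap * sizeof(wchar_t));
            if (p == NULL)
                break;              /* allocation failure: stop, nothing written */
            buf = p;
            cap = ncap;
        }
        if (used >= cap) {          /* guard: buf[used] is one past the end */
            oob = (long)used;
            break;
        }
        buf[used++] = src[i];
        if (src[i] == L'\n')        /* end of line */
            break;
    }
    free(buf);
    return oob;
}

int main(void)
{
    const wchar_t line[] = L"abcd\n";  /* constructed input: 5 wide chars */
    printf("off-by-one check: first OOB index = %ld\n", first_oob_write(line, 5, 0));
    printf("corrected check:  first OOB index = %ld\n", first_oob_write(line, 5, 1));
    return 0;
}
```

A line that exactly fills the current capacity stays in bounds under both checks; the overflow only appears on the next character, which is why short test inputs tend to miss it and why building with AddressSanitizer and feeding boundary-length lines is a useful regression check.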